[c-nsp] tcpdump on ios?
Roland Dobbins
rdobbins at cisco.com
Fri Jan 11 21:54:33 EST 2008
On Jan 12, 2008, at 10:25 AM, Tony Li wrote:
> This is correct. What do you do with the data? Without dedicated
> high bandwidth storage, there's no place for it to go.
6500 and 7600 have SPAN/RSPAN and copy/capture VACLs which merely
replicate the traffic, the collection system has to be directly
attached. There's also ERSPAN on Sup720 which can encapsulate the
sniffed traffic in GRE and ship out out layer-3, but one must be
careful to avoid the hall-of-mirrors effect (i.e., send it over the
DCN).
Flexible NetFlow, currently available in software-based routers
running T-train, allows one to grab header and/or payload data, and
then export it in NetFlow v9 format. I'm given to understand that the
major NetFlow analysis vendors are working to add support (no word yet
on open source tool support; anything which is v9-capable can collect
the flows, but then the tool must be able to interpret/sort on the
telemetry).
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
More information about the cisco-nsp
mailing list